exploitDog

CVE-2020-4074

Опубликовано: 02 июл. 2020

Источник: nvd

CVSS3: 8.9

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.

Ссылки

https://github.com/PrestaShop/PrestaShop/commit/30b6a7bdaca9cb940d3ce462906dbb062499fc30
Patch
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-ccvh-jh5x-mpg4
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/commit/30b6a7bdaca9cb940d3ce462906dbb062499fc30
Patch
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-ccvh-jh5x-mpg4
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

Версия от 1.5.0.0 (включая) до 1.7.6.6 (исключая)

EPSS

Процентиль: 62%

0.00432

Низкий

8.9 High

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-287

CWE-287

EPSS

Процентиль: 62%

0.00432

Низкий

8.9 High

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-287

CWE-287